Those Islamic State kill lists you keep seeing are not real, just hacker script kiddies levelling up

Pro-Isis hackers keep releasing kill lists purported to be from Islamic State, yet are these lists for real?iStock

A group of anti-terrorism analysts is urging the media to be wary when it comes to covering stories about supposed Islamic State (Isis) kill lists, as the analysts believe that the information being released onto the internet isn't even actually from Daesh.

In June, a pro-Isis hacking collective known as the United Cyber Caliphate (UCC) released a kill list containing personal details relating to 4,481 random individuals in the world, including 285 Indian nationals, on its private Telegram channel, exhorting fellow Isis supporters to locate and attack these individuals.

And on 17 July, the UCC followed this up with a new kill list naming 264 government employees from Massachusetts, US, prompting action from State Police, Boston police and the governor's office to notify the individuals on the list.

However, Ghost Security Group (GSG), a non-profit organisation of people who analyse information relating to Isis on social media platforms to track potential terrorist activities, says that while the personal details about the people on the kill lists is accurate, the intent from Isis to kill them isn't actually there.

Making old breach data into 'kill lists'

"These guys look for anything they can make a list out of, twist the story behind it to look mysterious and scary, publish it and wait for the media to blow it up. It doesn't matter that it won't get seen by many on Telegram. Everyone in the world needs to know, these guys are not dangerous, they are not frightening, they are not especially talented and they aren't even officially recognised by the Islamic State," Raijin, GSG's technical lead tells IBTimes UK.

"What matters more to them is that the media picks it up and starts publishing their name and their images across the world stage, which greatly increases their visibility and hopefully they'll inspire someone who's on the fence about doing something for the Islamic State cause."

GSG took down 120,000 pro-Isis Twitter accounts in 2015 and on average reports 3,000-5000 usernames to Twitter to ban a month. The group officially assists various agencies of the US government in gathering intelligence on Isis operations, and along the way, has to wade through a huge amount of propaganda from would-be supporters, most of which is posted on the encrypted messaging app Telegram.

The group says that the UCC pro-Isis hacking group is forever releasing kill lists practically every week, but the content from the lists comes from previous data breaches or simply information that is publicly available on government agency websites as a matter of transparency, or because the government agency has failed to properly secure its servers.

For example, the data on the Massachusetts employees came from a payroll directory excel spreadsheet listing the names, work addresses, office phone numbers and fax numbers of all the payroll directors of each local government department in the state, which can be easily downloaded from the Official Massachusetts state government website if you have the direct hyperlink.

"At this time we have no intelligence suggesting any immediate threat to Massachusetts citizens in response to this list or for any other reason," State Police spokesman David Procopi told the Boston Globe.

But there are lots of incidents posted on Telegram constantly – kill lists containing names of New Yorkers taken from a Parking Permit registration spreadsheet from the NYC state government's website; the attendees' list from the US Society of Mechanical Engineers' annual conference, and even a list of US veterans who were commanders during the Vietnam War, taken from Wikipedia.

Taking hacker pranks one step too far

The United Cyber Caliphate is made up of several groups of pro-Isis hackers that merged in April in order to boost their hacking capabilitiesUnited Cyber Caliphate / Telegram

"The world cannot be fooled into thinking these guys are breaching high value sites. They're hitting sites that are so old and vulnerable that the footprints of at least four or six other hackers are all over the place, often with multiple defacements hiding within the pages of the sites," Raijin explains.

Hackers that are learning the ropes often breach websites and then "deface" them by leaving their hacker name somewhere on the website or by hijacking it to display an image and text. The game involves getting your hacker name onto as many sites as possible and then taking screenshots as proof and then uploading the screenshots to websites like Zone-H.org, however it seems that UCC has taken it a step further.

"These guys have just graduated to putting pro-Isis messages onto those sites instead of their hacker tag and if they stumble upon a database or spreadsheet along the way, they package it up to look threatening and post it as a leak," says Raijin.

"They can't keep a Twitter account for more than 30 minutes nowadays, so their garbage doesn't get seen a whole lot by people other than media or spies and a handful of supporters before it gets taken down. It's the media that actually assists in their entire plan – no one's going to shut down articles from the Wall Street Journal, Wired, SITE Intelligence Group or IBT, so their message not only gets spread far and wide, but it's guaranteed to stay visible forever."